Create and run a build in a private pool
This page explains how to create a Cloud Build private pool connectedto the service producer network, and run a build in the private pool.
The service producer network is the network that hosts the private pool.By default, a private pool is set up to use the service producer network,which provides a build environment with:
- Configurable machine types
- Configurable disk sizes
- Access to resources in the public internet, such as resources in arepository or a registry
To follow step-by-step guidance for this task directly in the Cloud Shell Editor, clickGuide me:
Before you begin
- Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
- Create a project: To create a project, you need the Project Creator role (
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission.Learn how to grant roles.
Verify that billing is enabled for your Google Cloud project.
Enable the Cloud Build API.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission.Learn how to grant roles.Install the Google Cloud CLI.
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Toinitialize the gcloud CLI, run the following command:
gcloudinit
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Roles required to select or create a project
- Select a project: Selecting a project doesn't require a specific IAM role—you can select any project that you've been granted a role on.
- Create a project: To create a project, you need the Project Creator role (
roles/resourcemanager.projectCreator), which contains theresourcemanager.projects.createpermission.Learn how to grant roles.
Verify that billing is enabled for your Google Cloud project.
Enable the Cloud Build API.
Roles required to enable APIs
To enable APIs, you need the Service Usage Admin IAM role (
roles/serviceusage.serviceUsageAdmin), which contains theserviceusage.services.enablepermission.Learn how to grant roles.Install the Google Cloud CLI.
If you're using an external identity provider (IdP), you must first sign in to the gcloud CLI with your federated identity.
Toinitialize the gcloud CLI, run the following command:
gcloudinit
If you've already installed Google Cloud CLI previously, make sure you have thelatest available version by runninggcloud components update.
Create a private pool
In the Google Cloud console, open theCloud Build Worker pool tab:
Click
Create .In theCreate private pool panel, enter the following settings:
In the
Name field, entermy-first-privatepool.In the
Region field, selectus-central1.In the
Machine type field, selecte2-standard-2.In the
Available disk size field, enter800.Leave the
Network project number field blank.Leave the
Network field blank.Make sure
Assign external IPs is selected.
Click
Allow a short time for the private pool to be created. After the private poolis created, it is listed on theWorker pool tab.
Run a build in a private pool
Open a terminal window.
Create a new directory named
quickstart-private-pooland navigate into it:mkdir quickstart-private-poolcd quickstart-private-poolCreate a file named
cloudbuild.yamlwith the following contents:steps:- name: "bash" script: echo "I am running in a private pool!"options: pool: name: "projects/$PROJECT_ID/locations/us-central1/workerPools/my-first-privatepool"Start the build using the build config file:
gcloudbuildssubmit
When the build is complete, you'll see an output similar to the following:
I am running in a private pool!PUSHDONE------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ID CREATE_TIME DURATION SOURCE IMAGES STATUS5df45735-6414-40b7-9e10-e6d2023c8cea 2020-08-31T13:16:18+00:00 10S gs://private-pool-test_cloudbuild/source/1598879777.206444- 58901ecbd14e431f8cdacc85d5dd0fc3.tgz- SUCCESSView build details
Open theBuild history page in the Google Cloud console.
In the
You will see the build that you ran in the private pool.Region drop-down box, selectus-central1.Click on the build to view the build details, such as build summary and artifacts.
Clean up
To avoid incurring charges to your Google Cloud account for the resources used on this page, follow these steps.
Open theWorker pool page in the Google Cloud console:
In the row with your private pool, click the trash icon.
In theDelete private pool? pop-up box, clickDelete.
The private pool that you created as part of this quickstart is now deleted.You might need to refresh your screen to delete the private pool from theWorker pool page.
What's next
- Learn how tocreate a private VPC peering connection.
- Learn more aboutprivate pools.
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2026-02-18 UTC.